Default Credentials

Factory-set usernames and passwords that, if left unchanged, grant attackers immediate access.

What it is

Default credentials are vendor-supplied usernames and passwords (such as admin/admin or root/root) intended for initial setup of devices, applications, or appliances. When systems are deployed without changing these credentials, they become trivial entry points. Default credentials are prevalent across routers, cameras, NAS devices, web panels, industrial controllers, and enterprise appliances.

Attackers maintain extensive lists of factory credentials and use automated scanners to identify devices still using them. Success grants immediate, often privileged access without needing to exploit software vulnerabilities.

Why it matters

Exploitation of default credentials is one of the most common breach vectors. It requires no advanced techniques and frequently results in full compromise. IoT botnets, consumer router takeovers, and many initial ransomware footholds trace back to unchanged defaults. Beyond security, leaving default credentials in place can constitute non-compliance with security frameworks and regulations.

How to reduce risk

  • Enforce credential rotation policies during provisioning and onboarding.
  • Harden golden images and require unique, strong credentials or certificate-based identities.
  • Integrate configuration checks into infrastructure-as-code pipelines and asset inventories.
  • Periodically scan for default credentials and remediate any findings immediately.
  • Use privileged access management (PAM) solutions and least privilege for administrative accounts.
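The following script is an added example, not code from the glossary or from any vendor it mentions. It shows what the "configuration checks" and "periodic scans" above can look like as a provisioning gate: an asset inventory is checked for vendor default pairs (the admin/admin and root/root pairs come from the text; the other entries in DEFAULT_PAIRS, the 14-character minimum, the record fields and the sample inventory are all assumptions constructed for the example), for passwords equal to the username, for passwords below the minimum length, and for the same credential reused across assets, which the "unique, strong credentials" bullet calls out.

```python
"""Provisioning-time check for default, weak and reused credentials.

Added example (not the glossary's own code). Given an inventory of device
records, flag any that still carry vendor default credentials, reuse one
credential across assets, or fall below a minimum strength. Meant to run
as a gate in an infrastructure-as-code pipeline or an asset-inventory job.
"""
from dataclasses import dataclass
import hashlib

# Known factory pairs. admin/admin and root/root appear in the glossary text;
# the remaining entries are assumed examples of what a team's own list holds.
DEFAULT_PAIRS = {
    ("admin", "admin"),
    ("root", "root"),
    ("admin", "password"),
    ("admin", ""),
}

MIN_PASSWORD_LENGTH = 14  # assumed policy value


@dataclass
class Finding:
    asset: str   # asset name(s) the finding applies to
    rule: str    # which policy rule fired
    detail: str  # human-readable explanation, never containing the secret


def _fingerprint(username: str, password: str) -> str:
    """Hash the pair so reuse can be reported without echoing the secret."""
    return hashlib.sha256(f"{username}\0{password}".encode()).hexdigest()[:12]


def check_inventory(devices: list[dict]) -> list[Finding]:
    """Return policy findings for records of the form
    {"asset": ..., "username": ..., "password": ...} (assumed schema)."""
    findings: list[Finding] = []
    seen: dict[str, list[str]] = {}
    for d in devices:
        asset, user, pwd = d["asset"], d["username"], d["password"]
        if (user, pwd) in DEFAULT_PAIRS:
            findings.append(Finding(asset, "default-credential",
                                    f"factory pair for user {user!r}"))
        elif pwd == user:
            findings.append(Finding(asset, "password-equals-username",
                                    f"user {user!r}"))
        elif len(pwd) < MIN_PASSWORD_LENGTH:
            findings.append(Finding(asset, "weak-password",
                                    f"{len(pwd)} chars, minimum {MIN_PASSWORD_LENGTH}"))
        # Track every pair, including compliant ones, to detect reuse.
        seen.setdefault(_fingerprint(user, pwd), []).append(asset)
    for fp, assets in seen.items():
        if len(assets) > 1:
            findings.append(Finding(",".join(assets), "credential-reuse",
                                    f"shared credential fingerprint {fp}"))
    return findings


def passes_policy(devices: list[dict]) -> bool:
    """True when the inventory produces no findings (suitable as a CI gate)."""
    return not check_inventory(devices)


# Constructed sample inventory for a stand-alone run; the passwords below are
# made-up values, not real credentials.
SAMPLE_INVENTORY = [
    {"asset": "edge-router-01", "username": "admin", "password": "admin"},
    {"asset": "cam-lobby-03", "username": "root", "password": "root"},
    {"asset": "nas-finance", "username": "svc_backup", "password": "svc_backup"},
    {"asset": "plc-line-2", "username": "operator", "password": "Short1!"},
    {"asset": "web-panel-a", "username": "admin", "password": "Vt9#kLm2$pQw7!rZe4Hn"},
    {"asset": "web-panel-b", "username": "admin", "password": "Vt9#kLm2$pQw7!rZe4Hn"},
    {"asset": "web-panel-c", "username": "admin", "password": "Gh3!wNz8@cYu5%bTx1Lq"},
]

if __name__ == "__main__":
    for f in check_inventory(SAMPLE_INVENTORY):
        print(f"{f.rule:26} {f.asset:28} {f.detail}")
    print("policy passed" if passes_policy(SAMPLE_INVENTORY) else "policy FAILED")
```

Findings report a fingerprint rather than the credential itself so the job's output can go to a ticketing system or log without leaking secrets; in a real pipeline the inventory would come from the asset database or the rendered IaC state rather than an inline list.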